From 11f5b0872b1b66dd56af5a146e5065ce99a7c7b5 Mon Sep 17 00:00:00 2001 From: Philippe PITTOLI Date: Wed, 26 Jun 2024 01:33:58 +0200 Subject: [PATCH] Users can now safely change their email address. --- src/authd/user.cr | 4 ++++ src/requests/moduser.cr | 17 ++++++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/src/authd/user.cr b/src/authd/user.cr index e6b98ba..7bafbf0 100644 --- a/src/authd/user.cr +++ b/src/authd/user.cr @@ -4,6 +4,8 @@ require "uuid" class AuthD::User include JSON::Serializable + def_clone + enum PermissionLevel None Read @@ -18,6 +20,8 @@ class AuthD::User class Contact include JSON::Serializable + def_clone + # the activation key is removed once the user is validated property activation_key : String? = nil property email : String? diff --git a/src/requests/moduser.cr b/src/requests/moduser.cr index b61c475..92962b0 100644 --- a/src/requests/moduser.cr +++ b/src/requests/moduser.cr @@ -12,6 +12,7 @@ class AuthD::Request logged_user = authd.get_logged_user_full? fd return Response::ErrorMustBeAuthenticated.new if logged_user.nil? + # The user will be modified, we should get a COPY of the user. user = if u = @user logged_user.assert_permission("authd", "*", User::PermissionLevel::Edit) authd.user? u @@ -20,23 +21,29 @@ class AuthD::Request end return Response::ErrorUserNotFound.new if user.nil? + cloned_user : AuthD::User = user.clone + # Only an admin can uprank or downrank someone. if admin = @admin logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin) - user.admin = admin + cloned_user.admin = admin end @password.try do |s| - user.password_hash = authd.hash_password s + cloned_user.password_hash = authd.hash_password s end @email.try do |email| - user.contact.email = email + cloned_user.contact.email = email end - authd.users_per_uid.update user.uid.to_s, user + begin + authd.users_per_uid.update cloned_user.uid.to_s, cloned_user + rescue e + return Response::Error.new "could not update the user (email may already be used)" + end - Response::UserEdited.new user.uid + Response::UserEdited.new cloned_user.uid end end AuthD.requests << ModUser